Home / malware Android.Crisis
First posted on 15 July 2015.
Source: SymantecAliases :
There are no other names known for Android.Crisis.
Explanation :
Android package file
The Trojan may arrive as a package with the following characteristics: Package name: Uses multiple names (e.g. com.android.deviceinfo)Version: 1.0
Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Start once the device has finished bootingWrite to external storage devicesCreate new SMS messagesMake the phone vibrateSend SMS messagesMonitor incoming SMS messagesMonitor, modify, or end outgoing callsOpen network connectionsChange Wi-Fi network connectivity stateChange network connectivity stateAccess the cameraAccess the flashlightInitiate a phone call without using the Phone UI or requiring confirmation from the userAccess information about the Wi-Fi stateAccess information about networksAccess location information, such as Cell-ID or Wi-FiAccess location information, such as GPS informationCheck the phone's current stateUse the device's mic to record audioRead user's contacts dataRead calendar informationRead device's logsChange the background wallpaperPrevent processor from sleeping or screen from dimming
Installation
Once installed, the Trojan does not display an icon.
Functionality
When the Trojan is executed, it may gather the following information: PhotosAudio recorded from the microphoneChat logs from apps such as BBMChat, GTalk, JP Naver Line, and SkypeGPS dataContactsEmailsSMS and MMS messagesSystem informationWi-Fi network configuration dataCalendar detailsClipboard data
The Trojan may also gain root access to the compromised device.Last update 15 July 2015